dns-flood action

Use dns-flood action to specify global actions against DNS flood attacks.

Use undo dns-flood action to restore the default.

Syntax

dns-flood action { drop | logging } *

undo dns-flood action

Default

No global action is specified for DNS flood attacks.

Views

Attack defense policy view

Predefined user roles

network-admin

mdc-admin

Parameters

drop: Drops subsequent DNS packets destined for the victim IP addresses.

logging: Enables logging for DNS flood attack events.

Examples

# Specify drop as the global action against DNS flood attacks in attack defense policy atk-policy-1.

<Sysname> system-view
[Sysname] attack-defense policy atk-policy-1
[Sysname-attack-defense-policy-atk-policy-1] dns-flood action drop

Related commands

dns-flood detect

dns-flood detect non-specific

dns-flood threshold